Treatment of Internal Fires in Probabilistic Safety Assessment for Nuclear Power Plants | IAEA

TREATMENT OF INTERNAL FIRES IN PROBABILISTIC SAFETY ASSESSMENT FOR NUCLEAR POWER PLANTS

The following States are Members of the International Atomic Energy Agency:

AFGHANISTAN; ALBANIA; ALGERIA; ARGENTINA; ARMENIA; AUSTRALIA; AUSTRIA; BANGLADESH; BELARUS; BELGIUM; BOLIVIA; BOSNIA AND HERZEGOVINA; BRAZIL; BULGARIA; CAMBODIA; CAMEROON; CANADA; CHILE; CHINA; COLOMBIA; COSTA RICA; COTE D’IVOIRE; CROATIA; CUBA; CYPRUS; CZECH REPUBLIC; DEMOCRATIC REPUBLIC OF THE CONGO; DENMARK; DOMINICAN REPUBLIC; ECUADOR; EGYPT; EL SALVADOR; ESTONIA; ETHIOPIA; FINLAND; FRANCE; GABON; GEORGIA; GERMANY; GHANA; GREECE; GUATEMALA; HAITI; HOLY SEE; HUNGARY; ICELAND; INDIA; INDONESIA; IRAN, ISLAMIC REPUBLIC OF; IRAQ; IRELAND; ISRAEL; ITALY; JAMAICA; JAPAN; JORDAN; KAZAKHSTAN; KENYA; KOREA, REPUBLIC OF; KUWAIT; LATVIA; LEBANON; LIBERIA; LIBYAN ARAB JAMAHIRIYA; LIECHTENSTEIN; LITHUANIA; LUXEMBOURG; MADAGASCAR; MALAYSIA; MALI; MALTA; MARSHALL ISLANDS; MAURITIUS; MEXICO; MONACO; MONGOLIA; MOROCCO; MYANMAR; NAMIBIA; NETHERLANDS; NEW ZEALAND; NICARAGUA; NIGER; NIGERIA; NORWAY; PAKISTAN; PANAMA; PARAGUAY; PERU; PHILIPPINES; POLAND; PORTUGAL; QATAR; REPUBLIC OF MOLDOVA; ROMANIA; RUSSIAN FEDERATION; SAUDI ARABIA; SENEGAL; SIERRA LEONE; SINGAPORE; SLOVAKIA; SLOVENIA; SOUTH AFRICA; SPAIN; SRI LANKA; SUDAN; SWEDEN; SWITZERLAND; SYRIAN ARAB REPUBLIC; THAILAND; THE FORMER YUGOSLAV REPUBLIC OF MACEDONIA; TUNISIA; TURKEY; UGANDA; UKRAINE; UNITED ARAB EMIRATES; UNITED KINGDOM OF GREAT BRITAIN AND NORTHERN IRELAND; UNITED REPUBLIC OF TANZANIA; UNITED STATES OF AMERICA; URUGUAY; UZBEKISTAN; VENEZUELA; VIET NAM; YEMEN; YUGOSLAVIA; ZAMBIA; ZIMBABWE

The Agency’s Statute was approved on 23 October 1956 by the Conference on the Statute of the IAEA held at United Nations Headquarters, New York; it entered into force on 29 July 1957. The Headquarters of the Agency are situated in Vienna. Its principal objective is “to accelerate and enlarge the contribution of atomic energy to peace, health and prosperity throughout the world”.

© IAEA, 1998

Permission to reproduce or translate the information contained in this publication may be obtained by writing to the International Atomic Energy Agency, Wagramer Strasse 5, P.O. Box 100, A-1400 Vienna, Austria.

Printed by the IAEA in Austria September 1998

STI/PUB/1062

SAFETY REPORTS SERIES No. 10

INTERNATIONAL ATOMIC ENERGY AGENCY VIENNA, 1998

VIC Library Cataloguing in Publication Data

Treatment of internal fires in probabilistic safety assessment for nuclear power plants. — Vienna : International Atomic Energy Agency, 1998.

p. ; 24 cm. — (Safety reports series, ISSN 1020–6450 ; no. 10) STI/PUB/1062

ISBN 92–0–103298–6

Includes bibliographical references.

1. Nuclear power plants—Fires and fire prevention. 2. Fire risk assessment. I. International Atomic Energy Agency. II. Series.

VICL 98–00203

FOREWORD

In 1974, the IAEA established a special Nuclear Safety Standards (NUSS) programme under which Codes (requirements) and a number of Safety Guides have been produced in the areas of governmental organization, siting, design, operation and quality assurance. The NUSS Codes and Guides are a collection of basic and derived requirements for the safety of nuclear power plants with thermal neutron reactors. They have been developed with the broadest possible international consensus.

This broad consensus is one of the reasons for the relatively general wording of the main principles and requirements which may need further elaboration and guidance for application to specific nuclear power plants. In many areas, national regulations and technical standards are available, but often even these do not answer all questions and only the practice adopted in applying certain rules fully reflects the outcome of the detailed consideration given to solving individual cases.

To present further details on the application and interpretation and on the limitation of individual concepts in the NUSS Codes (requirements) and Safety Guides, a series of publications that detail good practices has been initiated. It is hoped that many Member States will benefit from the experience presented in these publications.

The present report provides information on good practices in conducting probabilistic safety assessment (PSA) for fires in land based nuclear power plants, and is intended for the professional staff who manage or perform PSAs. It is applicable to both new and existing plants.

This Safety Report has been developed within the framework of the IAEA programme on fire safety in response to the increasing attention being given to the risk based approach, both in general safety assessment and in relation to a fire in nuclear power plants. It supplements existing guidelines on this topic.

This publication has been prepared with the help of experts from engineering and scientific organizations, regulators and plant operators, all with practical experience in the field of fire safety and fire protection in nuclear power plants. The IAEA is grateful to all the experts who helped in the drafting and reviewing of this publication.

CONTENTS

1. INTRODUCTION
1.1. Background
1.2. Objectives
1.3. Scope
1.4. Structure

2. GENERAL OVERVIEW OF A FIRE PSA PROJECT
2.1. Methods
2.2. Main assumptions
2.3. Project organization and management
2.4. Major procedural tasks

3. PREPARATION PHASE (TASKS 1–4)
3.1. Data collection and assessment (task 1)
3.2. Definition of fire compartments and cells (task 2)
3.3. Familiarization with the internal events PSA (task 3)
3.4. Inventory of equipment and cables (task 4)

4. SCREENING PHASE (TASKS 5 AND 6)
4.1. Screening by impact (task 5)
4.2. Screening by frequency (task 6)

5. DETAILED ANALYSIS (TASK 7)
5.1. Background
5.2. Effects of passive intracompartmental protection features
5.3. Relative location of equipment and cables
5.4. Probability of a hot short
5.5. Human actions
5.6. Active fire protection measures
5.7. Fire propagation event tree analysis

6. SPECIAL ISSUES
6.1. Introduction
6.2. Analysis of the control room
6.3. Cable spreading rooms and other sensitive plant locations
6.4. Environmental survival of equipment
6.5. Fire induced explosions
6.6. Interaction of the control systems
6.7. Integrity of the containment
6.8. Conducting a fire PSA in the event of incomplete information

7. ANALYSIS OF THE RESULTS (TASKS 8 AND 9)
7.1. Uncertainty analysis (task 8)
7.2. Sensitivity and importance analyses (task 9)

8. DOCUMENTATION OF THE ANALYSIS (TASK 10)
8.1. Objectives
8.2. General principles
8.3. Organization of documentation

9. EX-CORE SOURCES OF RADIOACTIVE MATERIAL

Appendix I: INFORMATION REQUIRED FROM AND IN ADDITION TO THE INTERNAL EVENTS PSA MODEL
Appendix II: ESSENTIAL EQUIPMENT MALFUNCTIONS RESULTING FROM FIRE INDUCED DAMAGE TO NON-ESSENTIAL CIRCUITS
Appendix III: USE OF DETAILED ANALYSIS METHODS
Appendix IV: FIRE PROPAGATION EVENT TREE
Appendix V: POTENTIAL FOR LOSS OF THE ALTERNATE SHUTDOWN CAPABILITY DURING A CONTROL ROOM FIRE

REFERENCES

CONTRIBUTORS TO DRAFTING AND REVIEW

1. INTRODUCTION

1.1. BACKGROUND

Considerable attention has recently been devoted to the topic of fire safety at nuclear power plants, in particular to those plants that have been designed and constructed according to earlier fire protection standards. It is important that a comprehensive fire safety assessment is performed for these plants at the earliest opportunity in order to document that the existing fire safety measures are adequate to ensure plant safety. Periodic updating of fire safety analyses has to be continued throughout the life of a plant to reflect all the changes made, as well as the current requirements of and the experience gained on fire safety.

The IAEA is endeavouring to promote an exchange of information on fire safety between different countries, as well as the use of various fire safety assessment techniques. The main objectives are to achieve a better understanding of the current situation, to identify those areas that need further development, and to promote the most effective and reliable techniques. Considerable effort has been made to develop guidelines for the preparation and evaluation of a fire safety analysis for nuclear power plants.

Systematic assessment of a fire hazard is one of the important elements in implementing fire protection in plants. When applied at the plant design stage, it permits integration of the proper protection concept into the design and ensures that, throughout all stages of design, construction and commissioning, problems are identified and resolved. For plants in operation it is possible, through a systematic fire hazard assessment, to identify the existing deficiencies in fire protection and to implement practicable and worthwhile improvements in fire safety.

Deterministic and probabilistic techniques are used to assess a fire hazard. The deterministic fire hazard analysis, typically carried out first, is normally required by licensing authorities and other safety assessors. It is usually developed early in the design of new plants, updated before initial loading of the reactor fuel, and then periodically or when relevant operational or plant modifications are proposed.

Probabilistic safety assessment (PSA) for fire is undertaken globally to supplement the deterministic fire hazard analysis.¹ It should be noted that a fire PSA is recognized as a tool that can provide valuable insights into plant design and operation, including identification of the dominant risk contributors, comparison of the options for risk reduction and consideration of the cost versus risk benefit.

¹ Throughout these guidelines the term fire hazard analysis is applied exclusively to the deterministic assessment of fires, while the expressions fire risk assessment and fire PSA are used for the probabilistic safety assessment of fires.

Two publications devoted to the fire hazard analysis for nuclear power plants have been developed as part of the IAEA Nuclear Safety Standards (NUSS) programme: Preparation of Fire Hazard Analyses for Nuclear Power Plants [1] and Evaluation of Fire Hazard Analyses for Nuclear Power Plants [2]. These publications supplement Safety Series No. 50-SG-D2 (Rev. 1), Fire Protection in Nuclear Power Plants [3], by providing detailed information on the preparation and evaluation of a fire hazard analysis at a nuclear power plant. They address a systematic approach based on the deterministic technique.

No detailed information on conducting a PSA for fire in nuclear power plants is provided in other PSA related IAEA publications: Procedures for Conducting Probabilistic Safety Assessments of Nuclear Power Plants (Level 1) [4] addresses PSA for internal events, and Treatment of External Hazards in Probabilistic Safety Assessment for Nuclear Power Plants [5] outlines the general treatment of those hazards external to a plant that are encountered and analysed most frequently: earthquakes, high winds, floods and person induced events. Since internal fire events have a localized effect on plant safety systems, no specific recommendations are given in Ref. [5] on the treatment of internal fire hazards.

The present report has been developed in response to the increased attention being given to PSA worldwide. It is intended to facilitate implementation of the risk based approach to fire safety assessment for both new and operating nuclear power plants, and supplements existing IAEA publications on fire safety assessment.

1.2. OBJECTIVES

This Safety Report provides information on good practices in conducting an internal fire PSA for land based nuclear power plants, as well as assistance in integrating the threat of a fire into an existing internal events PSA. It is intended for the professional staff who manage or perform PSAs.

Specific details of various aspects of a PSA for fire are limited globally. The report concentrates on the procedural steps for a fire PSA, but the tools needed to implement these steps remain the choice of the analyst; the references cited should not be taken as complete or authoritative.

This publication can be used to assist in implementing a PSA for fire in nuclear power plants on the basis of the current practical experience gained in this area. A particular aim is to promote a standardized framework, terminology and form of documentation for PSAs that will facilitate an external review of the results of such studies.

The methods and approaches addressed reflect the practices most widely used to date. This Safety Report is not intended to pre-empt the use of new or alternative methods; on the contrary, the promotion and use of all methods that achieve the objectives of a fire PSA are encouraged.

1.3. SCOPE

This Safety Report supplements Safety Series No. 50-9-4 [4], which deals with internal events. As such, it addresses only those specific issues that are related to fire events. The reader should also refer to Ref. [4] for information on general PSA topics, e.g. plant system modelling, methods of quantification and PSA project organization and management.

The information provided on good practices applies to land based nuclear power plants with thermal reactors of commercial use such as those of the light water, heavy water or gas cooled type. However, this material may also be of use in preparing a PSA for fire for other nuclear reactor installations, including research reactors.

The main emphasis of this publication is placed on assessing the potential risk of core damage states initiated by fires (PSA Level 1, as defined in Ref. [4]).

Some additional information is provided on the probabilistic modelling of fire induced releases from other plant systems and compartments that contain radioactive materials for the purpose of PSA Level 2, as defined in Ref. [4], if required (e.g. in-plant waste storage).

The practices addressed focus on fire events initiated under operation at full power. However, the information provided on the methodological approach is fully applicable to other operational states of the plant, including shutdown. In applying this approach to other plant operational states, the analyst should be aware of the specific conditions of the plant, which may differ substantially from those under normal power operation.

There is no limitation to the application of this methodological approach for any stage of the plant life cycle, including the conceptual or final design stage and the operational stage.

1.4. STRUCTURE

Section 2 provides an overview of fire PSA. It briefly highlights the differences and similarities between the probabilistic and deterministic approaches. The general methodological assumptions adopted in these guidelines are listed. Some organizational aspects are also addressed, including the objectives and scope of the fire PSA project, the expertise of the PSA team and the quality assurance (QA) programme. The main tasks of the fire PSA are briefly surveyed and the interrelation between these tasks highlighted. Sections 3–9 discuss in detail the individual tasks of the fire PSA.

Section 3 covers collection and assessment of the data required for fire PSA and explains how the entire plant area should be subdivided into smaller parts to provide an organizational framework for data collection and to facilitate the analytical work. It further addresses familiarization with the internal events PSA, describing the requirements for the internal events PSA model and explaining how this model should be adopted and extended to create an integral fire PSA. Guidance on identification of the equipment and cables relevant to fire risk is an essential part of this description. The section also refers to preparation of a plant location oriented database for the relevant equipment and cables, as identified in the course of familiarization with the internal events PSA.

Section 4 explains how to minimize the analytical effort by screening out non-essential fire scenarios. The techniques and assumptions applied at various stages of the screening process are described. Two stages of screening are addressed: screening by impact for single and multicompartment fire scenarios, and screening by frequency.

Section 5 addresses the detailed analysis of fire risk applied to those fire scenarios that were not eliminated by screening. Indications are given of the possible refinements of the fire PSA model that can be incorporated into this stage of the analysis to reduce conservatism. Some of the techniques used in the detailed analysis of fire propagation are also discussed.

Section 6 contains information that supplements the general information given in Sections 3–5. It focuses on issues that have been found to be important to the proper execution of PSA for fire methods and that differ significantly from those discussed in Sections 3–5, either because of specific features associated with location (the main control room, cable spreading room, switchgear rooms) or because of some additional aspects that should be taken into account in the analysis (environmental survival of equipment, control system interactions, containment integrity). Conducting PSA for fire in the event of incomplete information is also addressed.

Section 7 deals with qualitative and quantitative analyses of the results, and discusses the sources and quantitative measures of uncertainty in the PSA for fire. Guidance on sensitivity and importance analyses of the PSA for fire is also given.

Section 8 provides guidance on documentation of the analysis, as well as final presentation and interpretation of the results.

Section 9 discusses the treatment of ex-core radioactive releases as a result of fire events, a modelling issue that requires a slightly different approach to that of core related risk.

2. GENERAL OVERVIEW OF A FIRE PSA PROJECT

2.1. METHODS

Fire PSA is the probabilistic analysis of fire events and their potential impact on the nuclear safety of a plant. Using probabilistic models, fire PSA takes into account the possibility of a fire at specific plant locations; the propagation, detection and suppression of the fire; the effect of the fire on safety related cables and equipment; the possibility of damage to these cables and equipment, and in severe fires the structural integrity of the walls, columns, roof beams, etc.; and assessment of the impact on plant safety. Since the physical separation between redundant safety trains can limit the extent of fire damage, quantification of the damage frequency calculations generally includes those equipment failure probabilities that are not affected by the fire, e.g. random failure probabilities, and the likelihood of a maintenance outage.

Many elements of a fire PSA are the same as those used in the deterministic fire hazard analysis (as described in Ref. [1]). It should be noted, however, that the probabilistic approach includes some new aspects of modelling and applies different acceptance criteria for the evaluation of fire safety. This section discusses the specific aspects of a fire PSA, highlighting the differences and similarities between the deterministic and probabilistic approaches.

The fire risk assessment methods introduce the likelihood of a fire in each plant location, the effect of the fire on equipment and cables, and the impact of equipment failures and human actions coincident with the fire. New elements of the model specific to the risk based approach include factors such as the probability and effect of plant damage beyond individual fire compartment boundaries (as a result of barrier elements being ineffective or inoperable) and random failure of the mitigation systems. The probabilistic criteria used in fire PSA are based on the risk concept. Core damage frequency is a typical criterion used for PSA Level 1.

Fire PSA relies on the plant response model developed for the internal initiating events. The availability of a plant model that logically examines the contributions to core damage, plant damage, etc. is a prerequisite for a fire PSA. An internal events PSA Level 1 is highly desirable; however, a partial PSA Level 1 (for selecting the initiating events) or another logic model equivalent to PSA Level 1 may be an adequate substitute.

It should be pointed out that expanding an internal events PSA to a fire PSA requires a considerable amount of plant specific data, e.g. the location of cable routes in plant compartments. This information will be readily available if a comprehensive deterministic fire hazard analysis has already been performed for the plant.²

In the same way as the deterministic method, the PSA approach is based on systematic examination of all plant locations. To facilitate this examination, the plant is subdivided into distinct fire locations, which are then scrutinized individually. It is essential to demonstrate that significant fire scenarios have not been overlooked. However, a theoretically complete and exhaustive examination would be both impractical, because of the large number of possible scenarios, and unnecessary, because there are many fires that are unlikely to pose any significant risk. Therefore, an effective screening process is essential to limit the level of effort made for the fire PSA.

It is advisable to perform the screening process in stages, starting with relatively simple, conservative models and progressing to more realistic representation of the fire scenarios at subsequent stages. Application of complex models that involve detailed investigation of the evolution of the fire and its impact on safety equipment, as well as the effect of the fire mitigation features, is limited to a relatively small number of fire scenarios; the overall analytical effort is therefore reduced substantially. This part of the PSA relies on physical fire growth models that are similar to those used in the deterministic fire hazard analysis.

Compared with the deterministic approach, the PSA model introduces some new elements that involve statistical data; as a result, further contributors to uncertainty in the final evaluation of fire safety are added. This aspect should be taken into account when applying PSA techniques to fires in nuclear power plants. In this case, sensitivity and uncertainty analyses are essential if interpretation of the results is to be correct. It should be emphasized that the main advantages of a PSA are that it can identify a number of uncertainties, and quantify and describe most of them.

2.2. MAIN ASSUMPTIONS

The fire PSA discussed in these guidelines is intended to reflect the current status of the plant using a best estimate assessment, but it does not address compliance of the plant with the fire protection codes, standards and regulations actually in force at the particular plant.

In general, with regard to the combination of events and the scope of the analysis, the assumptions recommended are consistent with those usually applied to an internal events PSA.

² This applies to most existing nuclear power plants for which the deterministic fire hazard analysis has been performed prior to a fire PSA. This is not the case for new plants, where deterministic and probabilistic analyses of fire hazards may be carried out in parallel at the early stage of design or construction.

Only a single, independent fire is assumed to occur in any plant location. The spread of this fire to adjacent fire locations is taken into account, unless it can be justified that the fire is contained in the original fire location. It should also be noted that only in very rare cases can multicompartment fires be ignited concurrently in several locations by a single initiator (e.g. an overheating cable).

For multiple reactor sites, simultaneous fires in more than one reactor plant are not postulated. However, it should be taken into consideration that a single fire in facilities shared by reactors can affect more than one reactor (addressing the worst case of system interdependence).

The most severe natural phenomena, e.g. tornadoes, flooding or earthquakes, are not assumed to occur concurrently with a fire. Internal initiating events (e.g. LOCA) are also not considered to be concurrent with a fire, unless they are a consequence of that fire.

Fires induced by other initiating events (e.g. earthquakes, sabotage) are not considered to be within the scope of these guidelines, nor is the risk associated with the spurious activation of fire protection equipment (and potential flooding). The potential for such activation is usually examined as part of the internal flooding analysis. However, secondary effects caused by the operation of fire protection systems during a fire are taken into account in a fire PSA.

2.3. PROJECT ORGANIZATION AND MANAGEMENT

The actions and activities necessary for the organization and management of a fire PSA are similar to those of an internal events PSA, including definition of the objectives and scope of the project, establishment of a project management scheme, selection of the methods and procedures, organization and composition of the project team, training of the team and establishment of the QA programme. The general guidelines for these activities, as outlined in Ref. [4], are applicable also to a fire PSA project. Some issues specific to a fire are highlighted below.

It is essential that the objectives and use of the results of a fire PSA are precisely defined at the early stages of a PSA project. In turn, these will determine the scope of the analysis, and the necessary methods and procedures. More detailed information on the general objectives of PSA, and various implications specific to the selected objectives, are given in Ref. [4].

The objectives and scope of the fire PSA are usually co-ordinated with those defined in the existing internal events PSA. This is important in order to ensure that interpretation and application of the existing internal events PSA model are correct and that any misuse of the results is avoided.

The expertise needed to conduct a fire PSA must combine several disciplines. Thorough knowledge is required of the plant design and operation, the PSA techniques (essential to the preparation of an internal events PSA), fire science, as well as the design and operational aspects of the fire protection systems (including their interaction with the nuclear safety systems).

It is essential that the fire PSA team includes specialists who are capable of evaluating the fire damage effects (including smoke and gases, as appropriate) on those structures, systems and components that are important to safety, and of assessing fire induced failures of the power, control and instrumentation circuits. The ability to evaluate the adequacy and likely performance of the installed fire detection and suppression systems is also of importance, especially regarding the timing of system actuation compared with the timing of component failures, where such timing is used/claimed in the analysis.

The size of the workforce and the amount of time required to complete a fire PSA depend on the scope of the PSA and on the expertise available in the PSA team. Quite a large workforce is required to collect plant specific information. However, compared with an internal events PSA the number of personnel involved in systems analysis in a fire PSA is much lower.

Quality assurance of the PSA project should be viewed and established as an integral part of the PSA procedures that control all PSA activities. The specific aspects of the QA procedures applied in the organization, technical work and documentation of a PSA project are discussed in Ref. [4]. Establishment of the appropriate QA programme in a PSA project is even more important for a fire PSA. Some specific QA related aspects of a fire PSA are discussed below.

Much of the plant specific information required for a fire PSA is not easily retrievable from existing plant documentation (e.g. the cable routes). Such data collection requires that considerable attention be given to the quality of information and that systematic, disciplined QA measures be taken. As a fire PSA requires a highly specialized team, including fire related experts, co-ordination of activities within the team, particularly at the interfaces between the different disciplines, may be more complicated. Therefore, QA verification of the results of the team’s work is very important. General guidance on conducting an independent peer review of a PSA (given in Refs [4, 6]) is also applicable to a fire PSA project.

2.4. MAJOR PROCEDURAL TASKS

The major procedural tasks in a fire PSA and the general flow of information between these tasks are shown in Fig. 1. It should be noted that the flow is not always sequential; some iterative loops exist between various tasks not shown on this simplified flow chart. Certain interrelated tasks are carried out throughout the entire modelling process (e.g. data collection and assessment, and documentation of the analysis).

It should be pointed out that the first procedural step of a PSA, i.e. dealing with the organization and management of a PSA project, is not shown in the figure. However, the information provided in Ref. [4] on related tasks is equally applicable to a fire PSA.

FIG. 1. Major procedural tasks in a fire PSA. [Flow chart with the following boxes: 1 Data collection and assessment; 2 Definition of fire compartments and cells; 3 Familiarization with the internal events PSA; 4 Inventory of equipment and cables; 5 Screening by impact; 6 Screening by frequency; 7 Detailed analysis; 8 Uncertainty analysis; 9 Sensitivity and importance analyses; 10 Documentation of the analysis.]

Data collection and assessment (task 1) is the initial task in the fire PSA procedure. Preparation of the necessary data is a major part of a fire PSA project, and is a very time consuming task. It concentrates on collection of the plant specific data required for fire risk modelling; however, some data used in the internal events PSA model also have to be re-assessed to account for fire induced conditions.

This task begins at the early stage of a fire PSA and continues for almost the entire duration of the project. Data collection is a plant location oriented process that proceeds in parallel with task 2, which deals with subdivision of the plant area into individual fire locations (fire compartments and cells).

It should be noted that detailed information is not needed for all plant locations. Most of the data are required for the analysis of compartments when more sophisticated models are introduced (typically those that involve higher risk). Therefore, the data collection process needs to be well co-ordinated with the analytical tasks in order to avoid the collection and assessment of data that are unnecessary for the analysis. The screening analysis can be conducted with a smaller amount of plant specific information, which can be extended at the later stages of modelling as the preliminary results are obtained, and as the models require.

Definition of fire compartments and cells (task 2) is established at the initial stage of analysis. It is aimed at the division of all plant buildings and structures into distinct fire compartments and cells³, which are scrutinized individually at the later stages of analysis. All plant buildings and structures are systematically examined.

Some plant locations that do not contain any plant equipment (e.g. administrative buildings and offices) can be eliminated from further consideration at the very early stage of analysis on the basis of qualitative judgement. However, prior to elimination it has to be shown that a fire in one of these zones cannot spread to an adjacent zone that houses safety related equipment. Further elimination is carried out later on the basis of more formal screening procedures. Sometimes, redefinition of the fire compartments and cells is needed at the later stages of analysis, when more sophisticated models are introduced. The results of this task include a set of fire compartment and cell drawings and specification of all the surrounding boundaries.

Familiarization with the internal events PSA (task 3) is an important task in that it establishes a link between the existing internal events PSA models and the fire related models. It starts with examination of the internal events logic models (e.g. fault trees and event trees), and their applicability to fire risk modelling. Sometimes, these models have to be extended in order to achieve the required level of detail and completeness. This task also identifies those plant systems and equipment, and all the related elements of the model, that are important to fire PSA. Identification of all the related cables and circuits is an integral part of this examination.

³ A definition of fire compartments and cells is provided in Safety Series No. 50-SG-D2 (Rev.1) [3]. The terms fire compartment and fire cell are essentially analogous to the fire area and fire zone terms used in codes, standards and guidance documents in the United States of America.

As a result of this task, a logic model suitable for calculating the conditional unavailability of the required safety functions (task 6) is made available. Another outcome is a list of the PSA related equipment and cables.⁴ Basic, component specific information is usually collected for certain PSA related items (e.g. for the required component functions, and the electrical and control supplies). This information may be further extended at the later stages of analysis.

The next task (task 4) is preparation of an inventory of equipment and cables (as identified in task 3). A list of PSA related items is prepared for each fire compartment and cell (defined in task 2). A plant walkdown is important in order to establish correct localization of the equipment and cables in the fire compartments and cells. During the initial stages of the screening analysis, listing components by plant fire compartment or cell is sufficient. At the later stages of detailed analysis it will be necessary to determine more accurately the component locations within the fire compartment or cell.

Screening by impact (task 5) is aimed at eliminating non-essential fire scenarios on the basis of impact oriented criteria (mostly, but not exclusively, qualitative). It starts with definition of the critical fire locations, followed by definition of the possible single and multicompartment fire scenarios. The impact oriented criteria used for screening out the individual fire scenarios take into account the characteristics of those fire compartments that are involved in the scenario considered. The result of this task is a list of fire scenarios that can be significant contributors to risk.

Screening by frequency (task 6) is aimed at the further elimination of those fire scenarios that are retained after the first stage of screening (task 5). Screening is performed on the basis of a simple, conservative estimate of damage frequency (e.g. core damage frequency). The conditional unavailability of the required safety functions (e.g. safe shutdown) because of a fire is calculated from the existing internal events PSA model. Conservative assumptions are made of the effect of a fire on equipment, and the related human actions. As a result, the number of risk significant fire scenarios is further reduced. For each of the remaining fire scenarios, a quantitative PSA model is available for further analysis.

⁴ The term PSA related equipment is systematically used in this report to describe all the items credited in the internal events PSA model. For a PSA that is limited to in-core radioactive releases, this term is equivalent to the term safe shutdown equipment, as outlined in Section 3.3.3. In a PSA that considers other sources of radioactive release, the PSA related equipment also includes those items that are related to the safety functions which need to be performed in order to prevent releases from ex-core radioactive sources, including the necessary support features.

The detailed analysis (task 7) is aimed at reducing the level of conservatism in the fire scenarios identified in task 6. The effect of intracompartment barriers and other fire protection measures, the location of equipment in the fire compartment or cell and other factors are taken into account. More realistic models are applied for assessing human actions, fire propagation, the effects of a fire on the equipment and cables, etc.

The analyst may select any of the above mentioned approaches (one or several at a time) to revise the risk estimates calculated in task 6 for each of the risk significant fire scenarios. More fire scenarios are screened out in the course of this process, and refined risk estimates determined for the remaining scenarios.

The uncertainty analysis (task 8) is aimed at identifying the sources of uncertainty, and their evaluation. Qualitative and quantitative assessments are carried out. Quantifiable uncertainties are investigated through formal uncertainty analyses using the fire risk model developed in tasks 6 and 7.

Sensitivity and importance analyses (task 9) are aimed at identifying the risk significant elements of the fire PSA model. Sensitivity studies are performed for the important assumptions, and the relative importance of various contributors to the calculated results determined. The fire risk model developed in tasks 6 and 7 is used in this task.

Documentation of the analysis (task 10) is one of the tasks that continues for almost the entire duration of a PSA project. The results of analysis of each task are thoroughly documented and the final documentation is prepared. The results of the PSA are displayed and interpreted in line with the objectives of the PSA.

3. PREPARATION PHASE (TASKS 1–4)

3.1. DATA COLLECTION AND ASSESSMENT (TASK 1)

A fire PSA relies on the availability of plant information (both qualitative and quantitative). As previously mentioned, data collection is a major, time consuming task that extends over several analytical tasks of a fire PSA. Two major types of plant specific data are obtained: internal events PSA related data and fire related data.

The fire PSA is strongly dependent on the internal events PSA. A large portion of the model is retained and used in the fire PSA, but a number of aspects will have to be reviewed, and in some cases developed. The information that needs to be gathered for the fire PSA can be categorized as a list of initiating events; the PSA logic models; the basic events of the model; and human actions.

Fire related data require a considerable amount of plant specific information. These data can be classified into the following major groups: the physical characteristics of the fire compartments, and their inventory; fire occurrence data; reliability estimates of the fire detection and suppression systems; human actions and human error probabilities; and fire induced equipment failure modes and damage criteria.

The first group may be available from a fire hazard analysis based on the deterministic approach (as described in Ref. [1]), which typically is performed for the plant prior to a fire PSA. This group of data includes the following categories: the safety system inventory; the fire compartment inventory; the combustibles inventory; the ignition sources inventory; the passive fire protection features; the fire detection and alarm systems; the fire extinguishing systems; the emergency lighting; the communication systems; the smoke and heat removal systems; and the manual fire fighting arrangements. Detailed specification of the scope of these categories can be found in Ref. [1].

The required plant specific information can be acquired from various design sources, as well as from plant walkdowns, where in situ information is gathered and verified.

Collating design information from plant documentation is usually the first phase of data collection. The recommended sources of plant specific information include a description of the systems, equipment lists, design drawings, plant procedures and other similar items. Several types of drawings should be mentioned in this context:

(1) General arrangement drawings that display the current configuration of plant areas and the location of major equipment;

(2) Fire barrier drawings that show the fire compartment walls and the location of fire doors;

(3) Piping and instrumentation diagrams for the relevant systems;

(4) Electrical distribution drawings and electrical logic diagrams;

(5) Electrical drawings that show the connection of the power and control circuits for the systems, the arrangement of the motor control centres, and the cable and conduit routing;

(6) Ventilation path drawings.

All the information obtained from plant documentation has to be verified by visually inspecting each fire compartment throughout the entire plant. This is essential in order to ensure that the data represent the actual and current condition of the plant.

It should be noted that a plant walkdown also plays a very important role in familiarizing the analyst with the fire specific features of the plant. The purpose of such a walkdown is to determine or verify the equipment locations and to gather information on the physical condition of the compartment or cell, and on the fire related features, some of which may not be easily identified from other data sources (e.g. the nature of the openings in the fire barriers or the existence of louvres on cabinets).

Several plant walkdowns are necessary during different phases of the study. A plant familiarization walkdown is usually performed during the initial stages of analysis. A second, detailed walkdown may be performed when the screening analysis is nearing completion in order to confirm the information used and to gather data on those specific compartments that will require detailed analysis. Additional walkdowns, confined to compartments undergoing detailed analysis, may be required to confirm and collect additional data, and to examine corrective actions with a view to reducing potential vulnerabilities, if required (task 7).

Plant specific fire occurrence data are collected for the source of ignition, the materials involved in the fire, and the damage to equipment and cables. It is advisable that, in addition to the fire events, the analyst collects generic data on the fire initiation frequencies which are available in the literature and which are drawn from nuclear power plant operating experience. Sources of such data include Refs [7–11].

Reliability data for the fire protection features include data for active fire protection equipment (fire detection and fire extinguishing systems) and for intercompartment fire barriers (dampers, doors, curtains, penetration seals, etc.).

These data can be derived from plant operational experience (event records, test and maintenance records, etc.) or, using the available plant specific data, extrapolated from generic sources of information.

Plant operating procedures, particularly those concerned with operator actions following indication of a fire or other initiating event, form the basis of the operator actions that can be included in the fire PSA. A number of the operator actions in the internal events PSA model, including certain important recovery actions, will have to be reviewed and, in some cases, requantified. This is discussed further in Sections 3.3.4 and 5.4.

Where an action local to a plant is required it is necessary to consider all those factors that may prevent plant personnel from carrying out this action, e.g. the unavailability of emergency lighting. The routes within the plant by which access is achieved have to be determined. The fire situation may involve the normal or the most direct route, but it will be necessary to identify and consider a viable alternative.

Walkdowns play an important role in gathering and verifying information of this type.

In some cases, a walkdown may determine that credit should not be taken for any operator actions within a fire compartment until well after the fire has been suppressed. This would be true, for example, if the action required that the operator traverse a significant portion of the compartment, perform complicated or multiple control actions, or remain in the compartment for any significant fraction of time.

Such actions should also not be credited in scenarios involving larger fires.

The fire analyst will need to gain knowledge of the susceptibility of various types of equipment to the different phenomena that may be experienced in a fire event. The analyst will also have to establish a list of equipment types within the plant, and to specify their damage mechanisms (e.g. heat, flame, smoke and water) and failure modes. For example, passive components, such as pipes, check valves and manual valves, are generally not expected to fail in a fire. A motor (e.g. for a pump) may fail from heat but not from exposure to smoke, while an electronic device may fail from heat and smoke.

Since this data collection process produces a significant amount of interrelated data it is recommended that the information be arranged in a systematic way (e.g. tables), preferably in a computerized database. This greatly facilitates the retrieval and processing of data. It is advisable that comprehensive and well organized data sheets be used during plant walkdowns. Some examples of such data sheets can be found in Refs [1, 10, 12].

Care in the use of generic data should always be exercised. For example, regarding fire occurrence frequencies, definition of a recorded fire will vary and be influenced by the fire detection and suppression measures taken. This applies also to equipment failure rate data.

Even under the best of circumstances some gaps in the information base will remain unfilled; this issue is discussed further in Section 6.7. It is important for the analyst to recognize and acknowledge where such information gaps have occurred, and to describe in the analysis how these gaps were overcome.

3.2. DEFINITION OF FIRE COMPARTMENTS AND CELLS (TASK 2)

The division of all plant buildings and structures into distinct fire locations (fire compartments and cells), which are scrutinized individually at the later stages of analysis, is an important task that permits systematic and definable evaluation of fire events.

Physical separation between safety relevant systems and equipment is an effective fire safety feature. Such separation can be achieved through distinct fire compartments, which are plant areas completely surrounded by fire barriers.⁵ The fire compartments are designed to prevent the spread of the effects of a fire to or from other plant compartments. The fire resistance (fire rating) of the compartment barriers may be sufficient to contain fires initiated in that compartment (design approach based on fire containment), or may require additional fire protection measures to limit fire spread (fire influence approach).

⁵ A definition of fire barriers and fire barrier rating is provided in Safety Series No. 50-SG-D2 (Rev. 1) [3].

Formal definition of the fire compartments and the fire resistance rating of the related barriers may not be readily available for the PSA. In such cases it will be necessary to undertake a review of the major construction elements of the plant in order to derive the appropriate fire compartments and the fire rating of barriers.

Guidance is given in Ref. [1].

Some flexibility should be exercised by the analyst in defining fire compartments for PSA use. For instance, the analyst may prefer to consider several fire compartments as one compartment, if this facilitates the analysis. It is strongly advisable to avoid unnecessary division of the plant into a large number of small locations, at least at the early stage of analysis.

The fire resistance rating of the walls and ceilings may be determined analytically or be evaluated by engineering judgement according to simplified state of the art methods that involve the thickness and material of the wall (such as graphs or tables published in the literature).

Fire barrier elements, e.g. doors or dampers that are installed in the walls, are included in this process. The fire resistance rating of each fire compartment barrier is determined by the weakest (lowest fire rated) element of that barrier.

Where a fire rating cannot be established and justified, the barrier cannot be considered as being fire rated, and it is necessary to consider larger areas of the plant as a single fire compartment. In such a situation, the fire compartment may be subdivided along logical lines such as rooms, functional areas or areas with clearly defined spatial separation. Such areas are called the fire cells of the fire compartment.

Some examples of the definition of fire compartments and cells in a nuclear power plant can be found in Ref. [3].

Typically, a set of fire compartment and cell drawings, and specification of all the surrounding boundaries, are generated in this task. Use of a comprehensive and flexible numbering system for fire compartment and cell identification is advisable; numbers are usually assigned to the fire compartments after the first stage of screening.

3.3. FAMILIARIZATION WITH THE INTERNAL EVENTS PSA (TASK 3)

A fire PSA can only be conducted if some form of plant model exists that logically examines contributions to core damage, plant damage states, etc.

This task covers examination and interpretation of the existing internal events PSA (or its equivalent) to determine the plant systems and equipment, as well as all those related elements of the model that are important to the fire PSA. Section 3.3.1 discusses the general requirements that should be fulfilled to make an internal events PSA suitable for fire risk assessment. A number of issues specific to fires also have to be considered; these are discussed in Sections 3.3.2 to 3.3.6.

3.3.1. Requirements of the internal events PSA

A fire PSA is normally performed either as an integral (later) part of a full scope PSA or as a discrete task following completion of an internal events PSA. To minimize potential errors or misuse of the PSA results, the objectives, limitations and assumptions used in the internal events PSA should be understood.

The unavailability of an internal events PSA creates a number of difficulties for fire PSA in terms of a full representation of the logical safety features of the plant.

Without such models it will not be possible to estimate the relative importance of fires in a quantitative manner, and thereby provide results for informed decision making.

The information given below assumes that an internal events PSA model exists and that it is comprehensive. A comprehensive model should comply with the guidance given in Ref. [4]. Where such a PSA model is not available, the analyst may be able to adapt or tailor existing logic models to meet the minimum intent below.

The extent of the internal events PSA will also influence selection of the screening criteria to be used in task 6, depending on whether the core damage frequency, plant damage states or other ex-core releases of radioactivity are considered.

The internal events PSA is used to provide information on the initiating events⁶ and systems (including support systems) that are used in the mitigation of such events.

The internal events PSA should contain information on the possible causes of initiating events, as well as details of those initiating events that have been grouped in a particular event tree model and those that have not been modelled because of some form of qualitative screening. A review of initiating events is given in Section 3.3.2.

The internal events PSA should also contain information on those systems and components whose failure to function correctly in response to an initiating event may lead to an undesired consequence. Such equipment includes safety related frontline and support systems, and non-safety related systems such as main feedwater and off-site power. For a fire PSA, information relating to those components that use or provide an external power source (electric, pneumatic, hydraulic) is required.

A comprehensive internal events PSA should already include the failure modes of interest in the fire PSA for such components. The required detail, and its use, are described in Ref. [4].

⁶ In the context of these guidelines only, the following definition of an initiating event is applied and taken to be exclusive: An initiating event is a change in the hardware state of any equipment that leads to a perturbation in the normal heat production–removal balance of the plant.

In this context it is expected that the internal events PSA will be developed to the component level in order to identify explicitly those items that provide the safety functions required to mitigate an internal initiating event (Section 3.3.2). These include: the pumps; the motor, with pneumatically or hydraulically operated valves; electrical supply equipment, including transformers and breakers; instrumentation and control (I&C) signals and related hardware; and pipework and structures.

Typically, this involves systems that provide the following safety functions: control of reactivity; controlled removal of the core decay heat and stored heat; maintenance of the integrity of the reactor coolant boundary (pressure control); maintenance of the reactor coolant inventory; protection of containment integrity (isolation, overpressure); and scrubbing of radioactive materials from the containment atmosphere.

If the available logic models do not provide this level of information, the analyst, with extreme diligence and care, may be able to meet the intent of the PSA model. However, such an approach must be adopted with this provision in mind and in recognition of the potential problems that may arise in the quality and usefulness of the final product.

3.3.2. Review of initiating events

This task determines the list of components used or implied in the PSA in terms of their potential, as a result of a fire, to cause an initiating event that requires some form of control or mitigating action, either manual or automatic.

This task starts with a review of the initiating events considered in the PSA. A number of techniques for identifying the initiating events of an internal events PSA are described in Safety Series No. 50-P-4 [4]. In turn, each initiating event has to be reviewed in order to determine whether it can be induced by a fire.

It should be recognized that such effects include failure of the power supply to the equipment from the main electrical bus(es) and actuation signals for equipment operation (e.g. start, stop, open, close) from the control room and the control relay cabinets. In terms of completeness, the analysis could also be extended to cover identification of those instrument sensors and signals, including any processing, that may adversely affect operation of the equipment.

The initiating events identified should be the same as those already included in the internal events PSA. However, based on low probability, some analysts may have chosen to exclude certain initiating events from the internal events PSA. In such cases, the fire PSA analyst must bear in mind that the fire may cause more severe faults than those considered or modelled previously, thus necessitating the creation of a new event sequence model for evaluation or allocation to an equivalent bounding initiating event.


An example of this is the possibility that the fire may lead to multiple opening of the steam generator power operated relief valves, whereas the internal events model may be limited to spurious opening of a single relief valve. Also of concern is multiple loss of the electric power supply to the safety related components. In such cases, either a new logic model for the multiple event will have to be prepared, or the fire PSA analysis may have to adopt a representative (but conservative) equivalent event such as a steam line rupture of the steam generator in the first instance.

It is important to note that the review of potential fire initiating events should also include the support system effects on those systems that are involved in the normal operation of the reactor.

The initiating events that arise from this review can generally be categorized as one of the following:

(1) Events leading to controlled reactor shutdown;

(2) A reactor trip (scram) initiated by the operator;

(3) Transients leading to an automatic scram, e.g. tripping of the turbine, loss of feed, loss of the electric power supply, loss of off-site power, opening of a steam generator relief valve;

(4) LOCA from the primary circuit, e.g. failure of a pump seal (because of loss of seal cooling), opening of a pressurizer relief valve, interfacing system LOCA;

(5) Events resulting in releases of ex-core radioactivity.

The level of work involved in this task varies according to the level of information already included in the PSA modelling. It is important to take into account all those items of equipment that can influence the PSA modelled function.

This will necessarily extend the analysis to a detailed understanding of the operation of the system or subsystem in terms of motive, and the control power cables and signals that operate the system.

3.3.3. Identification of the PSA related systems and equipment

This task determines the list of those components that are credited in the internal events PSA in terms of their use in the control or mitigation of a fire caused by an initiating event (the term PSA related equipment is systematically used in this report to describe these components). In the case of a PSA that is limited to in-core radioactive releases, this list relates to the frontline and support systems that provide safe shutdown of the reactor and adequate heat removal from the reactor core (safe shutdown equipment); it includes alternative and dedicated systems. In a PSA that considers other sources of radioactive release, the list includes also those items that are related to the safety functions which need to be performed in order to prevent releases from ex-core radioactive sources. However, it does not include fire protection systems, which are considered separately as an element of the fire propagation model (Section 5.5).

TABLE I. WORKSHEET USED IN THE REVIEW OF THOSE COMPONENTS THAT ARE IMPORTANT TO A FIRE PSA

Component identifier:
Component description:
Component location:
    Building:
    Room:
Potential to cause an initiating event because of a fire? Yes / No
    Initiating event:
Components belong to the initiating event mitigating system? Yes / No
    System/redundant train No.:
    Fault tree identifier:
Electric (motive) power details
    Supply source identifier:
    Supply source location:
    (repeat as required for stand-by or alternative power supplies)
Control power details
    Control power source identifier:
    Control power source location:
    (repeat as required)
Control sensor details
    Sensor identifier:
    Sensor location:
    (repeat as required)
Normal and failed position of a component by operating mode
    Columns: Plant mode; Normal position/state; Position/state
Comments on loss of supply:

Note: The contents of this table can easily be expanded to include information on the cable pathways between the component and the sources of electric power/signals (see Appendix I).

For each initiating event that has the potential to be caused by a fire event, as discussed in Section 3.3.2, it is necessary to determine the systems credited in the PSA with controlling and mitigating the effects of that initiating event. This is achieved in the first instance by inspection of the PSA logic models (event and/or fault trees).

In turn, a list is developed of the equipment that provides the required safety function.

Appendix I gives an example of the items to be listed, and the additional information required beyond that which may be included in the internal events PSA.

In deriving such information it is not sufficient to rely solely on a fire hazard analysis (e.g. Ref. [1]), since the PSA may include non-safety related systems, e.g. main feedwater systems and ‘normal’ electrical supplies.

It is useful and recommended that the list of equipment derived from a review of the PSA, and expanded where necessary to include complete information on the electric power and control supplies, be incorporated into a fire PSA database, which is then further extended in task 4. Table I illustrates the type and organization of component related data.
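The fire PSA database recommended above can start as a set of Table I records that are queried by fire location. The following Python sketch is an added example, not part of the IAEA report: all component identifiers, location names and field names are constructed, and it applies the conservative screening assumption that every item in a burning location fails. Cable pathways (Appendix I) are not modelled.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Support:
    """One supply or signal source a component depends on (Table I rows)."""
    kind: str        # "motive power", "control power" or "sensor"
    identifier: str
    location: str    # fire compartment or cell that houses the source


@dataclass
class Component:
    """One Table I worksheet; field names are chosen for this example."""
    identifier: str
    description: str
    location: str                           # fire compartment or cell
    initiating_event: Optional[str] = None  # event a fire could induce
    mitigating_train: Optional[str] = None  # system/redundant train credited
    fault_tree: Optional[str] = None
    supports: list = field(default_factory=list)


def inventory_by_compartment(components):
    """Task 4 view: PSA related items listed per fire compartment or cell."""
    inventory = defaultdict(set)
    for comp in components:
        inventory[comp.location].add(comp.identifier)
        for sup in comp.supports:
            inventory[sup.location].add(sup.identifier)
    return {loc: sorted(items) for loc, items in inventory.items()}


def affected_by_fire(components, burning):
    """Map each component lost to the reasons, for a fire in `burning`.

    `burning` is a set of locations so that multicompartment scenarios can
    be checked. Screening assumption: every item in a burning location fails.
    """
    hits = {}
    for comp in components:
        reasons = []
        if comp.location in burning:
            reasons.append(f"located in {comp.location}")
        for sup in comp.supports:
            if sup.location in burning:
                reasons.append(f"{sup.kind} {sup.identifier} in {sup.location}")
        if reasons:
            hits[comp.identifier] = reasons
    return hits


def screening_summary(components, burning):
    """Initiating events induced and mitigating trains lost for one scenario."""
    hits = affected_by_fire(components, burning)
    lost = [c for c in components if c.identifier in hits]
    return {
        "components": hits,
        "initiating_events": sorted({c.initiating_event for c in lost
                                     if c.initiating_event}),
        "trains_lost": sorted({c.mitigating_train for c in lost
                               if c.mitigating_train}),
    }


# Constructed sample plant: identifiers and locations are illustrative only.
SAMPLE = [
    Component("FW-P1", "Main feedwater pump", "TB-01",
              initiating_event="loss of feed",
              supports=[Support("motive power", "BUS-N1", "SWG-N")]),
    Component("EFW-P-A", "Emergency feedwater pump, train A", "AB-10",
              mitigating_train="EFW/A", fault_tree="FT-EFW-A",
              supports=[Support("motive power", "BUS-A", "SWG-A"),
                        Support("control power", "CP-A", "RELAY-1")]),
    Component("EFW-P-B", "Emergency feedwater pump, train B", "AB-11",
              mitigating_train="EFW/B", fault_tree="FT-EFW-B",
              supports=[Support("motive power", "BUS-B", "SWG-B"),
                        Support("control power", "CP-B", "RELAY-1")]),
]

if __name__ == "__main__":
    for scenario in ({"AB-10"}, {"RELAY-1"}, {"SWG-N", "SWG-A"}):
        print(sorted(scenario), screening_summary(SAMPLE, scenario))
```

In the constructed data, a fire in the shared relay room removes both emergency feedwater trains although neither pump is located there, which is why the worksheet records the location of every supply source and not only that of the component.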

3.3.4. Identification of the human error contribution

This subtask determines the list of operator actions in the internal events PSA for which estimates of the probability of human error may differ as a result of a fire.

It also provides guidance on the error probabilities to be used in the screening stages of the fire PSA.

Human actions are typically an integral part of event sequences in an internal events PSA. The failure probabilities for these human actions are evaluated as part of an internal events PSA effort, assuming a normal working environment. The same human actions may be addressed in modelling the impact of a fire on plant safety.

However, the failure probabilities may have to be adjusted to take into account the unusual environmental conditions (e.g. smoke) imposed by the fire event.

The internal events PSA model normally includes a number of operator actions that contribute to the unavailability of systems. The actions are generally of two types: (a) those that occur prior to the occurrence of the initiating event, and (b) those that are required to be performed after the occurrence of the initiating event.

Failure to reinstate power supplies to a motor operated valve following maintenance is an action of type (a). Failure to recognize the need for a particular action (cognitive error) or failure to perform a particular action within a given timeframe (error of omission) is an action of type (b).

Values for the human error probabilities (HEPs) relating to the unavailability of components prior to the occurrence of fire initiating event (a) will not require re-evaluation. The HEP values assigned to actions of type (b) in the internal events PSA are determined for particular conditions associated with the initiating event, and thus may not be applicable to the fire case. There may also be post-fire operator actions that the internal events PSA does not model; these have to be addressed in the fire PSA.

The actions required in response to a fire event may involve physical and psychological conditions that differ from those in internal events modelling, particularly for those actions that are undertaken outside the control room. For example, because of the fire effects on equipment and access routes, these actions may take longer than originally specified. For this reason it is recommended, at this stage, that each post-fault HEP be set to 1.0 to ensure that the fire related influences are not omitted from the screening analysis. Task 7 describes revision of the HEP values in cases where this assumption leads to unacceptably high consequences. It may be one of the first steps considered in undertaking detailed analysis (task 7).

Historically, one issue that has not been widely modelled is errors of commission in response to a fire (as defined in Ref. [4]). Indeed, the internal events PSA may not have explicitly modelled such errors. For this reason it is not possible in this report to provide specific guidance on this developing issue. However, it should be recognized that the probability of these errors may increase after a fire. The decision to include these errors currently remains with the analyst or with specific requirements on the scope of the fire PSA.

3.3.5. Identification of the PSA related cables

For the components identified in Section 3.3.3 it is necessary to determine which cables and circuits are required so that each particular component can perform its safety related function. The following circuits should be analysed: the motive power supply circuits, the control power supply circuits, and the instrumentation and control circuits.

Electric motive power supply circuits provide the power for operating electrically driven components (motors and valves). The control power supply circuits provide the electric power to I&C equipment; in turn, this equipment provides signals from the plant for processing, and also to the plant for the remote control of components.

Process monitoring and component control are the main functions performed by I&C.

Component control also includes permissive and/or interlock functions, i.e. to permit (or prevent) operation of the component when either a required condition exists or a certain signal is required.

All these functions can be provided by a dedicated electrical circuit or by electronic signals. The information can be transmitted in analog, digital or processed digital (multiplexed) form using electrical or fibre optic cables.

Each cable should be evaluated to determine the effect of its failure on the operation of the required PSA related components. It is important that all possible failures are identified. The following failure modes, or a combination thereof, should be considered for cables:

(1) Open circuit: A circuit failure that causes loss of the electrical continuity of a conductor or loss of the transmitting capability of a fibre optic cable.

(2) Short to ground: A circuit failure that results in the cable conductors becoming connected to a grounded item (e.g. cable tray).

(3) Short circuit: A circuit failure that results in the cable conductors coming into contact with each other.

(4) Hot short: A short circuit failure in which a de-energized conductor comes into contact with an energized conductor such that the de-energized circuit becomes energized. Two types of hot short should be distinguished:

(a) An intracable hot short, for conductor to conductor shorts within a multiconductor cable;

(b) An intercable hot short, for a non-energized cable that comes into contact with a separate energized cable.

The most likely fault mode for a single conductor cable is a short to ground. Failures of this type can lead to deactivation of the electrical circuits, either by tripping a circuit breaker, causing a fuse to open, or by melting open the wire or cable. In control circuits this fault leads to loss of the control function; in instrument circuits, this fault causes either a loss of signal or a false signal at the high or low end of the range, depending on the circuit. An open circuit fault generally occurs because of collapse of the cable support structure, failure of the circuit protection devices to trip in the event of a sustained short to ground, or prolonged severe fire exposures. These two types of fault (short to ground and open circuit) can be treated similarly in terms of their anticipated system impact in the fire PSA.

For a multiconductor cable, the most likely initial fault mode is an intracable hot short, i.e. conductor to conductor faults within the cable. Faults of this type can simulate the actions of a manual control circuit switch, circuit breaker or solenoid switch. This might lead to undesirable effects, such as the reconfiguration of valves in an operating system and the opening of solenoid operated safety relief valves, e.g. on the pressurizer of a PWR, or to actuation of an inactive system. These faults can also lead to false readings on a sensor circuit. In the longer term, multiconductor cables are expected to short to ground as the fire damage progresses. The timing of this transition from an intracable hot short to a short to ground remains a point of uncertainty. In severe fire exposures, rapid transition is anticipated (within minutes or even seconds). In more moderate exposures, or when rapid intervention of severe fire exposure is postulated, a sustained intracable hot short is possible. The impact of both short term and sustained intracable hot shorts in multiconductor cables should be considered in the analysis, especially for the control cables.
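The cable evaluation described in this section can be sketched as a routing table that is queried per fire compartment. The following Python is an added illustration, not part of the report: the cable, component and compartment identifiers are constructed, and it models only the most likely fault modes named above (intercable hot shorts are not covered).

```python
from dataclasses import dataclass

LOSS = "loss of function or signal"              # short to ground / open circuit
SPURIOUS = "spurious operation or false signal"  # intracable hot short

@dataclass(frozen=True)
class Cable:
    cable_id: str
    component: str        # PSA related component the cable serves
    circuit: str          # "motive power", "control power" or "I&C"
    multiconductor: bool
    compartments: tuple   # fire compartments on the cable route

# Constructed sample routing data (not from any plant or from the report).
CABLES = [
    Cable("C-001", "MOV-A", "motive power", False, ("FC-1", "FC-2")),
    Cable("C-002", "MOV-A", "control power", True, ("FC-2",)),
    Cable("C-003", "SRV-B", "I&C", True, ("FC-2", "FC-3")),
    Cable("C-004", "PUMP-C", "motive power", False, ("FC-3",)),
]

def postulated_effects(cable):
    """Effects to carry forward for one fire-damaged cable."""
    effects = {LOSS}              # short to ground and open circuit treated alike
    if cable.multiconductor:
        effects.add(SPURIOUS)     # initial intracable hot short
    return effects

def compartment_impact(cables, compartment):
    """Component -> effects to postulate for a fire in one compartment."""
    impact = {}
    for cable in cables:
        if compartment in cable.compartments:
            impact.setdefault(cable.component, set()).update(
                postulated_effects(cable))
    return impact

def spurious_candidates(cables, compartment):
    """Components whose control or I&C cables could hot short in the fire."""
    return sorted({c.component for c in cables
                   if compartment in c.compartments and c.multiconductor
                   and c.circuit in ("control power", "I&C")})

if __name__ == "__main__":
    for fc in ("FC-1", "FC-2", "FC-3"):
        print(fc, compartment_impact(CABLES, fc), spurious_candidates(CABLES, fc))
```

A component appears under a compartment if any of its cables passes through it, so MOV-A is affected by a fire in FC-1 even though the valve itself may be located elsewhere.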
